SAF-T UA and Confidentiality: How to Protect Business Data During File Transfer to the Tax Authorities

The introduction of SAF-T in Ukraine marks a new era of electronic reporting — automated, standardized, and convenient for audits. But with new opportunities comes a key concern: is it safe to transmit financial data to the tax office electronically?

SAF-T format covers large volumes of sensitive data — accounting records, bank transactions, counterparty information, and more. In this article, we explore how to protect SAF-T files and what to consider when choosing tools to work with them.

Is SAF-T a Confidentiality Risk?

No. SAF-T itself is only a technical data exchange format. The vulnerability lies in how the file is transmitted, stored, and protected.

• Manually created files
• No protection during transmission
• No electronic signature

Files are often stored in unprotected locations (email, local PCs). This can lead to data leaks, forgery, or loss — with legal and financial consequences for the business.

How to Protect SAF-T Files: 3 Key Principles

1. Encryption

Before transmission, the file must be encrypted according to tax authority requirements. This prevents third-party access both in transit and at rest. Modern services like MySAF-T by EMEA IT Consulting offer automatic encryption with no extra setup needed.

2. Qualified Electronic Signature (QES)

An electronic signature is mandatory. It confirms the file was generated by your company and has not been modified after signing. MySAF-T includes built-in integration with signature providers — no local software installation required.

3. Access Control

SAF-T files should not be stored on employees’ personal computers. Secure services allow you to control access at every stage — from creation to submission. This ensures that only authorized personnel can access the file, even after it's been sent — especially critical for outsourcing teams.